diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2022-05-12 16:42:50 +0300 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2022-05-12 16:42:50 +0300 |
| commit | 752d6256e5204b958b0ef7905675a940b5e9172f (patch) | |
| tree | 330d16e6362a49cbed8875a777fe641a43376cd3 /net-misc/vino | |
| parent | 0c100b7dd2b30e75b799d806df4ef899fd98e1ea (diff) | |
gentoo resync : 12.05.2022
Diffstat (limited to 'net-misc/vino')
| -rw-r--r-- | net-misc/vino/Manifest | 7 | ||||
| -rw-r--r-- | net-misc/vino/files/CVE-2014-6053.patch | 31 | ||||
| -rw-r--r-- | net-misc/vino/files/CVE-2018-7225.patch | 64 | ||||
| -rw-r--r-- | net-misc/vino/files/CVE-2019-15681.patch | 26 | ||||
| -rw-r--r-- | net-misc/vino/metadata.xml | 11 | ||||
| -rw-r--r-- | net-misc/vino/vino-3.22.0-r3.ebuild | 77 |
6 files changed, 0 insertions, 216 deletions
diff --git a/net-misc/vino/Manifest b/net-misc/vino/Manifest deleted file mode 100644 index a873cd3e2cc1..000000000000 --- a/net-misc/vino/Manifest +++ /dev/null @@ -1,7 +0,0 @@ -AUX CVE-2014-6053.patch 1054 BLAKE2B 4f1b4512bc2c0d3ea971379bcbe28ceda2288f7acd041e565ad7bcd884fbca2373f5ed5e862a11d83cd6d4a222d8e75ad0fd20f4e8e867ec657a6f009cb573fd SHA512 0c3873b5a26576d13446c8b78b8737ada2f1bf9efd7af015061bfe1df694d54c741ee6d9f551abc60d8bf30e92e5ce8b40d50d12b378add5e5f9ce3a70fef8a5 -AUX CVE-2018-7225.patch 2397 BLAKE2B 2adae0915f8ab5046b80d30b9e1ad7ae923ddc01c9281d4b1ef59ff360a5408f3581e70dcca2e31e0b66179e32503d36df5e2ce4903478e06a4c7b5331676aa0 SHA512 9a9d8f8bbb96a75e96d4eb4c649e2c5e6ff3fb713b030559ba465b1267e742e0399b8f142de94d9ce2aacf9cd8403406bac247b29812559172b5b324c87b9e1c -AUX CVE-2019-15681.patch 950 BLAKE2B 5c45bd813ef1329ebec3486fd5464df510d72f52172cd0b6ce9aeebb06685e33500df3f2e335a882067e0aa1b8db4f9307aba04879b91e4b6b04071a50e9551a SHA512 4e9e638b12970ccac3ffd85135cc93a943ec30a9d73797fda4e8403a464e6f63870b28f6f1dfa27d959a5703068cc53287112b1d4d85682edf7161b300951a61 -DIST vino-3.22.0-patchset.tar.xz 158480 BLAKE2B fb8b50abde8cb4728410302c1d3a57bc4d344a33ac0bd9f1265fd24eb142dcd52e870845b902c9b63e98134f87873ebf6abfcfcd1efadb72b0cc72b04f9bf4be SHA512 cf96f5dce96d5c060462698c9d8df6f6d94eb9d624cb689c1262830840ed8f3617485f2274832076c273625e92a89732f9c2ae99dbcbf495e5293cf88408064f -DIST vino-3.22.0.tar.xz 768716 BLAKE2B 5c3f6df059f129009bbc97527d1767bc8a29d8cbff5e6f9e89dabc4583ffdae2cf235eec66cbcb5f9e73c9a0a7c05a504e4e90221bf5adfc2ecbbbd518fdc84a SHA512 29b88e151b0b8c69bce1565ae3ec2e788f48c7645429984329fb2d3daaf03cc5ac100abbf70247bf0516c6d03a3b9aeb78d018c8f1bf35fd241919117fd1105f -EBUILD vino-3.22.0-r3.ebuild 2012 BLAKE2B d6604f807b9e5b5aafe15b68e6b15ff8acf304620996cacb033e4b8b8bd992257c14d408aec763542d73c7f845668709869e95cf05f33ecd55f28ec7d9a652ad SHA512 a02a240c99114b1803fa1829d1a1853e53041ff0eba31ab1898b6136daf4c07b54b9158ceb4cf00829fb95e4beabcf73bd5e8fd9279bbae77838210cbe26792b -MISC metadata.xml 344 BLAKE2B b89a374a41a9da43ae3a6e48ce91e410f44577b0e06b0720abc8fa4f1e152fe4efd035021467aa65e6a5fea355c84ae84c2ffeaea8299845d8c32ce73f2d3986 SHA512 7100cdaccb91d3e29aa9bbbae17d0b2500b82333ace16248f1755f4f4ca8cee9f5ba699152a1f78333dc851ae99cc3fa2e7d92ae5620466eb6123b82438e42f9 diff --git a/net-misc/vino/files/CVE-2014-6053.patch b/net-misc/vino/files/CVE-2014-6053.patch deleted file mode 100644 index 8830c30f870d..000000000000 --- a/net-misc/vino/files/CVE-2014-6053.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b1bfadcbfd88970c6d48672e2dbcca8713c91411 Mon Sep 17 00:00:00 2001 -From: Nicolas Ruff <nruff@google.com> -Date: Mon, 18 Aug 2014 15:16:16 +0200 -Subject: [PATCH 1/3] Check malloc() return value on client->server - ClientCutText message. Client can send up to 2**32-1 bytes of text, and such - a large allocation is likely to fail in case of high memory pressure. This - would in a server crash (write at address 0). - ---- - server/libvncserver/rfbserver.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c -index a880b53..2615dc3 100644 ---- a/server/libvncserver/rfbserver.c -+++ b/server/libvncserver/rfbserver.c -@@ -853,6 +853,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) - msg.cct.length = Swap32IfLE(msg.cct.length); - - str = (char *)malloc(msg.cct.length); -+ if (str == NULL) { -+ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); -+ rfbCloseClient(cl); -+ return; -+ } - - if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) { - if (n != 0) --- -2.20.1 - diff --git a/net-misc/vino/files/CVE-2018-7225.patch b/net-misc/vino/files/CVE-2018-7225.patch deleted file mode 100644 index 1b1186b4fe78..000000000000 --- a/net-misc/vino/files/CVE-2018-7225.patch +++ /dev/null @@ -1,64 +0,0 @@ -From d8a663541ef358a13fed2fbb39e7d323454369dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> -Date: Mon, 26 Feb 2018 13:48:00 +0100 -Subject: [PATCH 2/3] Limit client cut text length to 1 MB - -This patch constrains a client cut text length to 1 MB. Otherwise -a client could make server allocate 2 GB of memory and that seems to -be to much to classify it as a denial of service. - -The limit also prevents from an integer overflow followed by copying -an uninitilized memory when processing msg.cct.length value larger -than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg. - -This patch also corrects accepting length value of zero (malloc(0) is -interpreted on differnet systems differently). - -CVE-2018-7225 -<https://github.com/LibVNC/libvncserver/issues/218> ---- - server/libvncserver/rfbserver.c | 21 ++++++++++++++++++++- - 1 file changed, 20 insertions(+), 1 deletion(-) - -diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c -index 2615dc3..2224edb 100644 ---- a/server/libvncserver/rfbserver.c -+++ b/server/libvncserver/rfbserver.c -@@ -59,6 +59,9 @@ - #define DEBUGPROTO(x) - #endif - -+/* PRIu32 */ -+#include <inttypes.h> -+ - rfbClientPtr pointerClient = NULL; /* Mutex for pointer events */ - - static void rfbProcessClientProtocolVersion(rfbClientPtr cl); -@@ -852,7 +855,23 @@ rfbProcessClientNormalMessage(rfbClientPtr cl) - - msg.cct.length = Swap32IfLE(msg.cct.length); - -- str = (char *)malloc(msg.cct.length); -+ /* uint32_t input is passed to malloc()'s size_t argument, -+ * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int -+ * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int -+ * argument. Here we impose a limit of 1 MB so that the value fits -+ * into all of the types to prevent from misinterpretation and thus -+ * from accessing uninitialized memory (CVE-2018-7225) and also to -+ * prevent from a denial-of-service by allocating to much memory in -+ * the server. */ -+ if (msg.cct.length > 1<<20) { -+ rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n", -+ msg.cct.length); -+ rfbCloseClient(cl); -+ return; -+ } -+ -+ /* Allow zero-length client cut text. */ -+ str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1); - if (str == NULL) { - rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); - rfbCloseClient(cl); --- -2.20.1 - diff --git a/net-misc/vino/files/CVE-2019-15681.patch b/net-misc/vino/files/CVE-2019-15681.patch deleted file mode 100644 index 31bb47ee9b27..000000000000 --- a/net-misc/vino/files/CVE-2019-15681.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d9f3fa0ede556c6a751a8ca6c8bc37e769715233 Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Mon, 19 Aug 2019 22:32:25 +0200 -Subject: [PATCH 3/3] rfbserver: don't leak stack memory to the remote - -Thanks go to Pavel Cheremushkin of Kaspersky for reporting. ---- - server/libvncserver/rfbserver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c -index 2224edb..ca4f59b 100644 ---- a/server/libvncserver/rfbserver.c -+++ b/server/libvncserver/rfbserver.c -@@ -1565,6 +1565,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) - rfbServerCutTextMsg sct; - rfbClientIteratorPtr iterator; - -+ memset((char *)&sct, 0, sizeof(sct)); -+ - iterator = rfbGetClientIterator(rfbScreen); - while ((cl = rfbClientIteratorNext(iterator)) != NULL) { - /* Client is not authenticated, ignore. See GNOME bug 678434. */ --- -2.20.1 - diff --git a/net-misc/vino/metadata.xml b/net-misc/vino/metadata.xml deleted file mode 100644 index 117499b97b35..000000000000 --- a/net-misc/vino/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<maintainer type="project"> - <email>gnome@gentoo.org</email> - <name>Gentoo GNOME Desktop</name> -</maintainer> -<use> - <flag name="telepathy">Enable desktop sharing through a telepathy client</flag> -</use> -</pkgmetadata> diff --git a/net-misc/vino/vino-3.22.0-r3.ebuild b/net-misc/vino/vino-3.22.0-r3.ebuild deleted file mode 100644 index 2b7a49e24349..000000000000 --- a/net-misc/vino/vino-3.22.0-r3.ebuild +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -GNOME2_EAUTORECONF="yes" -inherit gnome2 systemd - -DESCRIPTION="An integrated VNC server for GNOME" -HOMEPAGE="https://wiki.gnome.org/Projects/Vino" -SRC_URI+=" https://dev.gentoo.org/~leio/distfiles/${P}-patchset.tar.xz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc x86" -IUSE="crypt debug gnome-keyring ipv6 jpeg ssl +telepathy zeroconf +zlib" -# bug #394611; tight encoding requires zlib encoding -REQUIRED_USE="jpeg? ( zlib )" - -# cairo used in vino-fb -# libSM and libICE used in eggsmclient-xsmp -RDEPEND=" - >=dev-libs/glib-2.26:2 - >=dev-libs/libgcrypt-1.1.90:0= - >=x11-libs/gtk+-3:3 - - x11-libs/cairo:= - x11-libs/libICE - x11-libs/libSM - x11-libs/libX11 - x11-libs/libXdamage - x11-libs/libXext - x11-libs/libXfixes - x11-libs/libXtst - x11-libs/pango[X] - - >=x11-libs/libnotify-0.7.0:= - - crypt? ( >=dev-libs/libgcrypt-1.1.90:0= ) - gnome-keyring? ( app-crypt/libsecret ) - jpeg? ( virtual/jpeg:0= ) - ssl? ( >=net-libs/gnutls-2.2.0:= ) - telepathy? ( - dev-libs/dbus-glib - >=net-libs/telepathy-glib-0.18 ) - zeroconf? ( >=net-dns/avahi-0.6:=[dbus] ) - zlib? ( sys-libs/zlib:= ) -" -DEPEND="${RDEPEND} - app-crypt/libsecret - dev-util/glib-utils - >=dev-util/intltool-0.50 - gnome-base/gnome-common - virtual/pkgconfig -" -# libsecret is always required at build time per bug 322763 -# eautoreconf needs gnome-common - -PATCHES=( - "${WORKDIR}"/patches/ # Patches from master branch at 2020-02-15 state; needs autoreconf - "${FILESDIR}"/CVE-2014-6053.patch - "${FILESDIR}"/CVE-2018-7225.patch - "${FILESDIR}"/CVE-2019-15681.patch -) - -src_configure() { - gnome2_src_configure \ - $(use_enable ipv6) \ - $(use_with crypt gcrypt) \ - $(usex debug --enable-debug=yes ' ') \ - $(use_with gnome-keyring secret) \ - $(use_with jpeg) \ - $(use_with ssl gnutls) \ - $(use_with telepathy) \ - $(use_with zeroconf avahi) \ - $(use_with zlib) \ - --with-systemduserunitdir="$(systemd_get_userunitdir)" -} |